SAINT CorporationSAINT:6D7BBD108C0FA9813AE3EAA2D86CD7F7Microsoft .NET Framework Memory Access Vulnerability
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.867 High
EPSS
Percentile
98.6%
Added: 06/18/2012
CVE: CVE-2012-1855
BID: 53861
OSVDB: 82859
Background
The .NET Framework is a software framework for Microsoft Windows. It includes a large class library that provides user interface, data access, database connectivity, cryptography, web application development, numeric algorithms, and network communications. Programs written for the .NET Framework execute in a software environment known as the Common Language Runtime (CLR), an application virtual machine that provides services such as security, memory management, and exception handling. The class library and the CLR together constitute the .NET Framework.
Problem
Microsoft .NET Framework is vulnerable to remote code execution due to a memory corruption flaw because the framework fails to sanitize user-supplied input when handling function pointers. If a remote attacker persuades a user to open a specially crafted web page, the attacker could execute arbitrary code in the context of the vulnerable user.
Resolution
Apply the patch provided in Microsoft Security Bulletin MS12-038.
References
<http://www.cvedetails.com/cve/CVE-2012-1855/>
Limitations
This exploit has been tested against Microsoft .NET Framework 4 on Microsoft Windows XP SP3 English (DEP OptIn).
The user must open the exploit file in Internet Explorer 8.
Platforms
Windows
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.867 High
EPSS
Percentile
98.6%